package java.Bad.Test_Cast_ID_2175;

/*
 * This software was developed at the National Institute of Standards and
 * Technology by employees of the Federal Government in the course of their
 * official duties. Pursuant to title 17 Section 105 of the United States
 * Code this software is not subject to copyright protection and is in the
 * public domain. NIST assumes no responsibility whatsoever for its use by
 * other parties, and makes no guarantees, expressed or implied, about its
 * quality, reliability, or any other characteristic.
 *
 * This reference program was developed in Jan 2010 as part of the Software
 * Assurance Metrics And Tool Evaluation (SAMATE) project.
 * We would appreciate acknowledgment if the software is used.
 * The SAMATE project website is: http://samate.nist.gov
 */

/*
 * This code (java servlet) has a Failure to Preserve Web Page
 * Structure 'Cross-site Scripting (XSS)' CWE-79 CWE-259 vulnerability.
 * http://cwe.mitre.org
 *
 * This code demos the Stored XSS (or Presistent) ==> "Basic Bad Case".
 * The servlet retrieves the records from database and directly
 * reflects it back into the HTTP response.
 *
 */

import java.io.IOException;
import java.io.PrintWriter;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;

import javax.naming.Context;
import javax.naming.InitialContext;
import javax.naming.NamingException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.sql.DataSource;

public class cwe79_storedXSS_bad extends HttpServlet {

	public void doGet(HttpServletRequest request, HttpServletResponse response)
			throws ServletException, IOException {

		PrintWriter out = response.getWriter();

		out.println("<html>"
				+ "<head><title>CWE79 Stored XSS Bad</title></head>");
		out.println("<body  bgcolor=\"#ffffff\">"
				+ "<h4>Found the following messages:</h4>");

		Connection conn = null;

		try {
			// Set the context factory to use to create the initial context
			System.setProperty(Context.INITIAL_CONTEXT_FACTORY,
					"your.ContextFactory");

			// Create the initial context and use it to lookup the data source
			InitialContext ic = new InitialContext();

			DataSource dataSrc = (DataSource) ic.lookup("jdbc/TestDB");

			// Create a connection to the database from the data source
			conn = dataSrc.getConnection();

			PreparedStatement pstmt = conn
					.prepareStatement("select test_msg from test_msgs");
			ResultSet rs = pstmt.executeQuery();

			int count = 1;

			while (rs.next()) {
				String tmpString = rs.getString("test_msg");
				out.println("msg # ");
				out.println(Integer.toString(count));
				out.println(" --> ");
				out.println(tmpString); /*
										 * BAD - output retrieved data without
										 * filtering
										 */
				out.println("<br>");
				count++;
			}
		} catch (NamingException e) {
			out.println("Naming exception: ");
		} catch (SQLException se) {
			out.println("SQL exception occured: ");

		} catch (Exception e) {
			out.println("General Exception occured: ");
		} finally {
			try {
				if (conn != null) {
					conn.close();
				}
			} catch (SQLException se) {
				out.println("SQL exception occured: ");
			}
		}
		out.println("</body></html>");
		out.close();
	}

	public String getServletInfo() {
		return "The Hello servlet says hello (with CWE79 Stored XSS bad sample code).";
	}

}
